diff options
| author | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-03 02:39:09 +0400 |
|---|---|---|
| committer | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-03 02:39:09 +0400 |
| commit | b418c31479f5d5e1d10c75eafec9ead9351453cb (patch) | |
| tree | 61695f45e7b98fde981a40b048f1541d6793d8f5 | |
| parent | bc99b5ba03815e2cfd2a6314a2fa9da78baa6fb6 (diff) | |
| download | afl++-b418c31479f5d5e1d10c75eafec9ead9351453cb.tar.gz | |
Some updates on readme
Some updates on readme
| -rw-r--r-- | utils/autodict_ql/readme.md | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index c8e5556f..45f685c6 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -79,4 +79,19 @@ Commands: - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. -6. Done! \ No newline at end of file +6. Done! + + +## More on dictionaries and tokens +Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. +On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. + +I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` is working based on the target. +In overall, fuzzing with dictionaries and well-generated tokens will give better results. + +There are 2 important points to remember : + +- If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. +- Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. + + \ No newline at end of file |